Vulnerability CVE-2020-16846


Published: 2020-11-06

Description:
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | SaltStack Salt REST API Arbitrary Command Execution | wvu | 13.11.2020

Type:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))

References:
https://github.com/saltstack/salt/releases
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/

Copyright 2024, cxsecurity.com

 
